Add user to group via workflow

Clinton F · ‎12-16-2015

Hi All,

I just want to know if it is possible and how much effort is required to get the following working.

We have allot of requests for ServiceNow access in our company and we would like to automate this process via a Workflow. I want to create a new RITM and a new Workflow to handle these requests. In the workflow we want to be able to ask the user to tell us which group(s) they need to be a member of, this will provide access to them.

This is the part I am not sure I can do or how we would do it. The rest of the workflow would then go for approval first and once approved I want ServiceNow to add them to those group(s) and then close the Request.

Has anyone done something similar and do you know how much effort will be required, hours / days / weeks etc.

rhea29 · ‎01-23-2018

Can you please tell me what is the need to pull the groups first?

there is no data being pulled into addlist array

also in the add membership function in the for statement it should be grouplist instead of addlist

also in the same function what is reqfor?

scwillson · ‎01-23-2018

Hi Rhea, I've actually not looked at this in over a year, but it looks like you spotted the flaw in my _addMembership function.

It looks like my initial write up of the script might have been that it was mostly combined into a single function, I noticed that "addlist" is declared in the first function, and called in the second...which is why its likely not working. Looking back, its got some gaping holes. When I get some time, I'll spin this back up in my dev instance to see if it works after some patching up.

rhea29 · ‎01-23-2018

Thank you so much Simon for looking into this. i have a similar demand from one of my clients to automate adding users to groups. your code seems find but somehow i am getting an undefined 'addlist'. it is not entering the for loop in pull groups function because grouplist.length is undefined. can you please look into this for me

scwillson · ‎01-24-2018

I figured out what the original problem was. The crux of my issue was just that I was attempting to pass and process an array of groups through the function, but it was being passed from the workflow as an object instead of an array.

I reworked it a little to add the ability to add and/or remove group membership based on selections of a catalog item.

Put these two functions in your script include:

addMembership: function(user,grouplist) {

for (var g=0; g < grouplist.length; g++) {

var grp = new GlideRecord('sys_user_grmember');

grp.newRecord();

grp.setValue('group',grouplist[g]);

grp.setValue('user',user);

grp.insert();

}

},


removeMembership: function(user,grouplist) {

var grp = new GlideRecord('sys_user_grmember');

grp.addEncodedQuery('user=' + user + '^group.sys_idIN' + grouplist);

grp.deleteMultiple();

},

Here is how I am calling the script include functions from the Run Script action in my workflow:

var user = current.variables.onbehalf=='true'?current.variables.onbehalf_of:current.opened_by;

var type = current.variables.type;

var util = new GroupUtil();



if (type=="Add"||type=="Both")

util.addMembership(user,current.variables.add_membership.toString().split(","));

if (type=="Remove"||type=="Both")

util.removeMembership(user,current.variables.remove_membership.toString());

Note how for the "addMembership" function, when passing the group list I convert it from an Object to a String, then convert that string into an array; .toString().split(",").

The function for removing the membership does not iterate through an array of groups. It just needs a comma separated list to apply the filter to the GlideRecord, so I only need to convert the object to a string before I pass the parameter for the "removeMembership" function.

I tested it and confirmed it fully functional. hope this helps.

rhea29 · ‎01-25-2018

hey it is working now

Thank you so much for your help